<!doctype html>
<html lang="en">

<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
  <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css"
    integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">
  <title>Server Side Template Injection</title>
  <style>
    body {
      background-color: rgb(24, 26, 27);
      color: #f7f7f7;
    }

    .form-control,
    .form-control[readonly],
    .form-control:focus,
    input:focus {
      color: rgb(202, 198, 190);
      background-color: rgb(30, 32, 34);
      border-top-color: rgb(54, 63, 72);
      border-right-color: rgb(54, 63, 72);
      border-bottom-color: rgb(54, 63, 72);
      border-left-color: rgb(54, 63, 72);
    }

    .jumbotron {
      background-image: url("{{url_for('static', filename='hacker.jpg')}}");
      background-size: cover;
      margin-top: 30px;
      height: 360px;
      position: relative;
    }

    .jumbotron h1 {
      color: white;
      background: black;
      font-family: monospace;
      position: absolute;
      bottom: 20px;
    }

    textarea {
      height: 500px;
      width: 100%;
      font-family: monospace;
      color: rgb(202, 198, 190);
      background-color: rgb(30, 32, 34);
      border-top-color: rgb(54, 63, 72);
      border-right-color: rgb(54, 63, 72);
      border-bottom-color: rgb(54, 63, 72);
      border-left-color: rgb(54, 63, 72);
    }
  </style>
</head>

<body>

  <div class="container">
    <div class="jumbotron">
      <h1 class="display-4">Server Side Template Injection</h1>
    </div>
    <div class="row">
      <div class="col-12">
        <form action="/" class="form-group" method="POST">
          <label for="exploit">Exploit</label>
          <input type="text" placeholder="your exploit goes here" name="exploit" class="form-control" id="exploit">
        </form>
      </div>
      <div class="col-5">
        <h5>Your challenge:</h5>
        <p><strong>Use the provided <code>input field</code> to&hellip;</strong></p>
        <ul>
          <li>Read the application's <code>config</code> using the SSTI vulnerability.</li>
          <li>If you have successfully exploited the app and dumped its <code>config</code>, you will find your
            first flag in that <code>config</code>.</li>
        </ul>
        <p><strong>But, first you need to know what <code>templating engine</code> is being used&hellip;</strong></p>
      </div>
      <div class="col-7">
        <h5>Output Viewer</h5>
        <textarea class="form-control"
          readonly>{% if exploit %}{{exploit}}{% else %}Everything seems to be fine here...{% endif %}</textarea>
      </div>
    </div>
  </div>
</body>

</html>